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TITLE OF THE INVENTION 

COMMUNICATION TERMINAL, VALUE ENTITY PROVIDING SERVER, 
APPLICATION DELIVERY SERVER, ELECTRONIC PROCUREMENT 
SUPPORTING METHOD, AND ELECTRONIC PROCUREMENT SUPPORTING 
5 PROGRAM 

BACKGROUND OF THE INVENTION 
Field of the Invention 
[0001] 

The present invention relates to a communication 
10 terminal, a value entity providing server, an application 

delivery server, an electronic procurement supporting 
system, an electronic procurement supporting method, and 
an electronic procurement supporting program. 
Related Background Art 
15 [0002] 

Along with the recent popularization of portable ■ 
communication terminals such as cell phones (which will be 
referred to hereinafter as "portable terminals") and 
speeding-up of radio communication speeds, practical use 
20 has been achieved of information communication systems that 

permit the portable terminals to acquire desired content 
data from server apparatus through networks such as the 
Internet. In the electronic commerce utilizing such 
systems, entities of value are sometimes used as payment 
25 means without use of credit cards or cash. 

[0003] 

1 
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A value entity is electronic data expressing (or 
substantiating) some economic value. The value entity is 
also called an electronic value and examples of such value 
entities include electronic money expressing monetary value 
5 (also called electronic currency, electronic circulation, 

and so on) , electronic tickets provided in the prepaid system, 
and so on. The electronic tickets express, for example, such 
values as book coupons, commutation tickets, railway tickets , 
and so on. 
10 [0004] 

A proposed method of safely circulating such value 
entities is, for example, a technique of transferring a value 
entity filled (or charged) in a tamper-resistant IC 
(Integrated Circuit) card, by use of a dedicated card reader 
15 (e.g., cf. Nonpatent Document 1). 

[0005] 

However, the IC cards are excellent in carryability 
and portability, while can pose the problems as described 
below, for example. 
20 1 . Since they have no user interface, the users cannot 

check the remainder of value entity unless they are connected 
to a separate display device. 

2. Since no application can be mounted on them, they 
cannot graphically navigate for user's electronic 
25 procurement action. 

3 . Since they have no communication means, they cannot 
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be refilled with an additional value entity unless they are 
connected to a separate communication device. 
[0006] 

On the other hand, there are cell phones as portable 
5 terminals excellent in carryability and free of the above 

problems.. The cell phones have such a user interface as a 
display unit or the like, and an application can be mounted 
on the cell phones. It is also feasible to refill the cell 
phones with a value entity from an external server apparatus 
10 through radio communication means. 

[0007] 

In order for a cell phone to acquire an application, 
it is common practice to download the application through 
a cellular network. The cellular network is apublic wireless 
15 network utilizing such an infrastructure as radio base 

stations operated by a telecommunications carrier. 
However, some of applications do not guarantee security and 
might harm the cell phones when downloaded and executed. 
[0008] 

20 In order to clear up the above concern, a cellular 

network adopts such a technique as to restrict access of 
applications to a specific memory area in the cell phones 
and confine servers capable of communication through the 
use of applications to delivery sources thereof (e.g., cf. 

25 Nonpatent Document 2) . 

[0009] 



3 



FP03-0308-00 



Another cellular network adopts such a scheme as to 
permit the users to download only applications created by 
parties certified as qualified creators, from Web sites 
(e.g., cf. Nonpatent Document 3). 
5 [0010] 

[Nonpatent Document 1] "Information security 

technologies for foundation of electronicmoney, andsecurity 
evaluations" IMES Discussion Paper Series 98-J-26, November 
1998, INSTITUTE FOR MONETARY AND ECONOMIC STUDIES, BANK OF 

10 JAPAN 

[Nonpatent Document 2] i-mode-compliant Java 

Contents Development Guides -Detail Edition- Version 1.1, 
May 14, 2001, NTTDoCoMo, Inc., 

http : / /www . nttdocomo . co . jp/p_s/imode/ j ava/pdf / j guideOlO 

15 514.pdf 

[Nonpatent Document 3] J- PHONE Java Application 

Development Guides Version 1.1.5, Nov. 28, 2001, 
http : / /www . dp . j -phone . com/ f i le/ j_j ava_dgl 1 5 . pdf 
SUMMARY OF THE INVENTION 

20 [0011] 

In the above prior art, as described above, the 
applications to be circulated are limited to only those with 
security verified with some labor, or restrictions are 
imposed on correspondents of the portable terminals, in order 

25 to ensure the security of circulation of value entities 

through the cellular network. However, these techniques are 



4 



FP03-0308-00 



10 



predicated on the utilization of the cellular network, but 
are not prepared for use of applications acquired through 
ad hoc networks . 
[0012] 

The cellular networks are sort of closed networks under 
the control of telecommunications carriers and have a high 
possibility of accurately authenticating correspondents. 
For this reason, communications utilizing the cellular 
networks are at low risk of intermediation of a third party 
and are thus relatively secure. In contrast to it, the ad 
hoc networks are sort of open networks which are temporarily 
established between portable terminals, independent of the 
specific infrastructure such as the base stations. 
Therefore, there is a possibility of risk if the applications 
acquired through the ad hoc networks are allowed to access 
the value entities charged in the portable terminals. 
[0013] 

In view of the above problem, an object of the present 
invention is to safely and readily transmit and receive a 
value entity through the use of an application acquired 
through an ad hoc network. 
[0014] 

In order to achieve the above object, a communication 
terminal according to the present invention comprises 
25 acquiring means for acquiring a value entity accompanied 

by a public key corresponding to a specific private key; 
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receiving means for receiving an application electronically 
signedby the private key, through an ad hoc network; verifying 
means for verifying the application through the use of the 
public key; and transferring means for transferring the value 
5 entity through the use of the application when the verifying 

means successfully verifies the application. 
[0015] 

Avalue entity providing server according to the present 
invention comprises providing means for providing a value 
10 entity accompanied by a public key corresponding to a specific 

private key, through a cellular network, for the 
communication terminal as set forth. 
[0016] 

An application delivery server according to the present 
15 invention comprises application transmitting means for 

transmitting the application through the ad hoc network to 
the communication terminal as set forth; and value entity 
acquiring means for acquiring the value entity transferred 
by the transferring means of the communication terminal, 
20 through the ad hoc network. 

[0017] 

An electronic procurement supporting system according 
to the present invention comprises the aforementioned 
communication terminal, the aforementioned value entity 
25 providing server, and the aforementioned application 

delivery server. The electronic procurement supporting 
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system may be constructed in a configuration wherein the 
communication terminal acquires the value entity provided 
by the value entity providing server and transfers the value 
entity through the use of the application received from the 
5 application delivery server. 

[0018] 

An electronic procurement supporting method according 
to the present invention comprises an acquiring step wherein 
a communication terminal makes acquiring means acquire a 

10 value entity accompanied by a public key corresponding to 

a specific private key; a receiving step wherein the 
communication terminal makes receiving means receive an 
application electronically signedby the private key, through 
an ad hoc network; a verifying step wherein the communication 

15 terminal makes verif yingmeans verify the application through 

the use of the public key; and a transferring step wherein, 
when the verifying means successfully verifies the 
application, the communication terminal makes transferring 
means transfer the value entity through the use of the 

20 application. 
[0019] 

An electronic procurement supporting program 
according to the present invention is an electronic 
procurement supporting program which can be executed by a 
25 communication terminal, the electronic procurement 

supporting program letting the communication terminal 
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substantialize: an acquiring function of acquiring a value 
entity accompanied by a public key corresponding to a specific 
private key; a receiving function of receiving an application 
electronically signed by the private key, through an ad hoc 
network; a verifying function of verifying the application 
through the use of the public key; and a transferring function 
of transferring the value entity through the use of the 
application when the application is successfully verified 
by the verifying function. 
[0020] 

According to these aspects of the invention, the value 
entity providing server provides a value entity accompanied 
by a public key corresponding to a specific private key, 
for the communication terminal and the application delivery 
server transmits an application electronically signed by 
the private key, through the ad hoc network to the 
communication terminal. The application is verified 
through the use of the public key. When the verification 
is successfully done, the application is used to transfer 
at least part of the value entity in consideration of a service 
to the application delivery server. This makes it feasible 
to implement permission of access of the application to the 
value entity after the identity is confirmed between the 
provider of the value entity and the signatory to the 
application. Accordingly, itbecomes feasible to safely and 
readily transmit and receive the value entity even through 



8 



FP03-0308-00 



the use of the application acquired via the ad hoc network 
without intermediation of any telecommunications carrier. 
[0021] 

The communication terminal according to the present 
5 invention may be configured so that the verifying means 

initiates the verification of the application in conjunction 
with an opportunity where the receiving means receives the 
application, and the communication terminal may further 
comprise starting means for starting the application in 
10 conjunction with an opportunity where the verifying means 

successfully verifies the application. 
[0022] 

According to the present invention, the application 
is verified in conjunction with the opportunity of the 

15 reception thereof and is started in conjunction with an 

opportunity of the success in the verification. In this 
configuration, when the received application is a qualified 
one, the safe application is started without an instruction 
from the user of the communication terminal . Therefore, the 

20 user of the communication terminal becomes able to readily 

and quickly use the acquired application. 
[0023] 

The communication terminal according to the present 
invention may further comprise deleting means for deleting 
25 the application in conjunction with an opportunity where 

a predetermined time has elapsed since a time when the 
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receiving means received the application. 
[0024] 

According to the present invention, the application 
is deleted in conjunction with the opportunity where the 
5 predetermined time has elapsed since the time of reception. 

In this configuration, the application is deleted without 
an instruction from the user of the communication terminal. 
Therefore, the user of the communication terminal is 
prevented from causing a confusion in the electronic 
10 commerce, for example, from erroneously applying the 

application to an electronic transaction unsuitable for the 
application (e.g., electronic transactions different in the 
contents of services) . As a result, the reliability of 
electronic procurement support is maintained. 

15 [0025] 

The communication terminal according to the present 
invention may further comprise deleting means for, where, 
a communication with a sender of the application is 
disconnected after the reception of the application by the 
20 receiving means, deleting the application in conjunction 

with an opportunity where a predetermined time has elapsed. 
[0026] 

According to the present invention, when the 
communication is disconnected between the communication 
25 terminal and the sender, the application is deleted in 

conjunction with the opportunity where the predetermined 
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time has elapsed since the time of the disconnection of the 
communication . Namely, without an instruction from the user 
of the communication terminal, the application is deleted 
after a lapse of the predetermined time from the point where 
5 the communication was disconnected between the sender of 

the application (e.g., an application delivery server) and 
the communication terminal. In this configuration, the 
application is deleted in conjunction with leaving action 
of the user of the communication terminal from the environment 

10 where the application is used, which can surely prevent the 

application from being applied to inappropriate electronic 
transactions. Therefore, no confusion is caused in the 
electronic commerce. As a result, the reliability of 
electronic procurement support is maintained. 

15 [0027] 

In the value entity providing server according to the 
present invention, the providing means may be configured 
to transmit the public key separately from the value entity 
to the communication terminal, prior to the provision of 

20 the value entity. 

According to the present invention, the value entity 
is sent separately from the transmission of the public key 
from the value entity providing server to the communication 
terminal. Therefore, where the communication terminal is 

25 refilled with an additional value entity from the value entity 

providing server, there is no need for attaching the public 
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key to the value entity, which can reduce the load of 
communication between the value entity providing server and 
the communication terminal. 
[0028] 

5 In the value entity providing server according to the 

present invention, the public key may be posted on a server 
accessible from a plurality of terminals through the cellular 
network . 

According to the present invention, the public key is 
10 posted on the server (e.g., the value entity providing 

server), independently of the value entity. This permits 
the communication terminal to access the server and acquire 
the public key only on the occasion of using the value entity. 
Therefore, the communication terminal does not always have 
15 to retain the public key and can save its memory capacity. 

[0029] 

The value entity providing server according to the 
present inventionmay further comprise second verif yingmeans 
for verifying integrity of the communication terminal before 

20 the providing means provides the value entity. According 

to the present invention, the integrity (sort of reliability 
of the communication terminal) , which is an index indicating 
whether the communication terminal can normally operate as 
assumed or not, is verified prior to the provision of the 

25 value entity from the value entity providing server to the 

communication terminal. Therefore, it can circumvent the 
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harms to the user of the communication terminal and the 
provider of the value entity, which can be caused by 
acquisition of the value entity at a low-reliability 
communication terminal. 

5 [0030] 

The application delivery server according to the 
present invention may further comprise receipt transmitting 
means for, when the value entity acquiring means acquires 
the value entity, transmitting receipt data electronically 
10 expressing receipt of the value entity, via the ad hoc network 

to the communication terminal . 
[0031] 

According to the present invention, the receipt data 
electronically expressing the receipt of the value entity 

15 at the application delivery server is transmitted from the 

application delivery server to the communication terminal 
through the ad hoc network. Therefore, when the user presents 
the receipt data received by the communication terminal, 
the application delivery server can readily confirm that 

20 the sender of the value entity is the above communication 

terminal. This makes it feasible to more securely prevent 
a commodity or a service in exchange for the value entity 
from being erroneously provided for a user of a different 
communication terminal (a communication terminal without 

25 transmission of any value entity) . 

[0032] 
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The application delivery server according to the 
present invention may further comprise third verifying means 
for verifying integrity of the communication terminal before 
the transmitting means transmits the application. 

5 According to the present invention, the integrity, which 

is an index indicating whether the communication terminal 
can normally operate as assumed, is verified prior to the 
provision of the application from the application delivery 
server to the communication terminal. Therefore, it is 

LO feasible to prevent the user of the communication terminal 

and -the sender of the application from being harmed by 
acquisition of the application by a low-reliability 
communication terminal. 
[0033] 

15 Thepresent invention will become more fully understood 

from the detailed description given herein below and the 
accompanying drawings which are given by way of illustration 
only, and thus are not to be considered as limiting the present 
invention . 

20 Further scope of applicability of thepresent invention 

will become apparent from the detailed description given 
hereinafter. However, it should be understood that the 
detailed description and specific examples, while indicating 
preferred embodiments of the invention, are given by way 

25 of illustration only, since various changes andmodif ications 

within the spirit and scope of the invention will become 
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apparent to those skilled in the art from this detailed 
description . 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0034] 

5 Fig. 1 is an illustration schematically showing the 

entire configuration of the electronic procurement 
supporting system. 

Fig. 2 is an illustration showing the functional 
configuration of the electronic procurement supporting 
10 system in the first and second embodiments. 

Fig. 3 is a block diagram showing the hardware 
configuration of the portable terminal. 

Fig . 4 is a flowchart showing the flow of the electronic 
procurement processing executed by the electronic 
15 procurement supporting system in the first embodiment. 

Fig. 5 is a diagram showing a data storage example of 
the value entity storage where plural types of value entities 
are stored. 

Fig. 6 is an illustration showing an example of the 
20 commodity menu displayed on the display device of the portable 

terminal in execution of the electronic procurement 
processing . 

Fig. 7 is a flowchart showing the flow of the electronic 
procurement processing executed by the electronic 
25 procurement supporting system in the second embodiment. 

Fig. 8 is an illustration showing the functional 
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configuration of the electronic procurement supporting 
system in the third embodiment. 

Fig. 9 is a flowchart showing the flow of the electronic 
procurement processing executed by the electronic 
5 procurement supporting system in the third embodiment. 

Fig. 10 is an illustration showing the functional 
configuration of the electronic procurement supporting 
system in a modification of the fourth embodiment. 

Fig. 11 is an illustration showing the functional 
10 configuration of the electronic procurement supporting 

system in the fifth embodiment. 

Fig . 12 is a flowchart showing the flow of the electronic 
procurement processing executed by the electronic 
procurement supporting system in the fifth embodiment. 
15 Fig . 13 is an illustration showing the configuration 

of the electronic procurement supporting program according 
to the present invention. 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 
[0035] 

20 First Embodiment 

The electronic procurement supporting system 
according to the first embodiment of the present invention 
will be described below with reference to the accompanying 
drawings. First described is the configuration. Fig. 1 is 

25 a schematic illustration showing an example of the entire 

configuration of electronic procurement supporting system 
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1 in the present embodiment. As shown in Fig. 1, the 
electronic procurement supporting system 1 is comprised of 
value providing server 10 (corresponding to the value entity 
providing server), portable terminal 20 (corresponding to 
5 the communication terminal) , and shop server 30 

(corresponding to the application delivery server) . 
[0036] 

Furthermore, cellular network Nl is established 
between value providing server 10 and portable terminal 20, 
10 so that the portable terminal 20 can transmit and receive 

various data to and from the value providing server 10 via 
base station B and cellular network Nl . The cellular network 
Nl is under the control of a telecommunications carrier and 
authentication of correspondent is carried out according 
15 to necessity in communications between users. For this 

reason, communications via the cellular network Nl are at 
low risk of unauthorized intermediation of a third party 
and can implement relatively safe transmission and reception 
of data. 

20 [0037] 

Ad hoc network N2 is established between portable 
terminal 20 and shop server 30, so that the portable terminal 
20 can wirelessly transmit and receive various data to and 
from the shop server 30 via the ad hoc network N2 . The ad 
hoc network N2 is a network temporarily established between 
portable terminals, independently of a specific 
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infrastructure. In the present embodiment, the ad hoc 
network N2 will be described as a communication network 
pursuant to the near field communication standards such as 
IEEE802.11b, Bluetooth, or the like, but, without having 
to be limited to it, the ad hoc network may be a communication 
network pursuant to the proximity radio communication 
standards, for example, such as IrDA (Infrared Data 
Association), IS015693, IS014443, and so on. Furthermore, 
it may be a wire communication network. 
[0038] 

The ad hoc network N2 has such a characteristic that 
a communication area thereof is limited according to a reach 
of a radio wave transmitted from a terminal as a base. 
Therefore, it is easy to specify a location of a correspondent 
and the ad hoc network is suitable for delivery of an 
application program for electronic procurement support 
adaptive to the location of the portable terminal. Since 
the ad hoc network N2 can implement faster and cheaper 
communications than the cellular network Nl, it is suitable 
for delivery of high volume of data like applications. On 
the other hand, since the ad hoc network is not under the 
control of any telecommunications carrier, there is an 
undeniable possibility of circulation of malicious or 
defective applications. 
[0039] 

The value providing server 10 is a server apparatus 
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10 



which is operated by a payment service provider and which 
performs issuance and management (including provision with 
and without compensation) of a value entity usable in 
electronic procurement (trade of commodities and services 
through the use of the value entity electronically 
expressed) . The value providing server 10 provides a value 
entity for the portable terminal 20 through the cellular 
network Nl . The value providing server 10 may exist on an 
external network such as the Internet. In this case, the 
portable terminal 20 can access the value providing server 
10 through a gateway operated by the telecommunications 
carrier and via cellular network Nl . On this occasion, . in 
terms of securing the security of communication, it is 
possible to perform cipher communication utilizing a 
15 predetermined secure protocol such as SSL (Secure Socket 

Layer) or the like. 
[0040] 

The portable terminal 20 is adapted to a plurality of 
communication channels and is able to perform communications 

20 at least via the cellular network Nl and the ad hoc network 

N2 in the present embodiment. The portable terminal 20 
acquires a value entity from the value providing server 10. 
The portable terminal 20 acquires an application for 
electronic procurement from the store server 30 and uses 

25 the application to achieve a support on purchase of a desired 

commodity or service for a charge of the value entity. The 
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portable terminal 20 has a tamper-resistant data storage 
area (memory) and cryptographic processing performance. 
[0041] 

The shop server 30 is operated by a shop where the 
5 electronic procurement is actually carried out , and provides 

an application for the electronic procurement, for the 
portable terminal 20. The shop server 30 acquires from the 
portable terminal 20 a value entity utilized for the 
electronic procurement, as a consideration of a commodity 
10 or service. 

[0042] 

Fig. 2 is a system configuration diagram showing a 
functional configuration of electronic procurement 
supporting system 1 in the present embodiment . As shown in 

15 Fig. 2, the value providing server 10 functionally has value 

entity storage 11 and value entity transmitter 12 
(corresponding to the providing means) . The value entity 
storage 11 stores value entity 11a accompanied by public 
key Al used in verification of the application. In response 

20 to a request from portable terminal 20, the value entity 

transmitter 12 retrieves the value entity 11a accompanied 
by the public key Al, from the value entity storage 11 and 
transmits the value entity to the portable terminal 20 through 
the cellular network Nl and base station B. 

25 [0043] 

As shown in Fig. 2, portable terminal 20 functionally 
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has value entity receiver 21 (corresponding to the acquiring 
means), value entity storage 22, application receiver 23 
(corresponding to the receivingmeans) , application verifier 
24 (corresponding to the verifying means), application 
5 starter 25 (corresponding to the startingmeans) , application 

deleter 26 (corresponding to the deleting means) , value 
entity transmitter 27 (corresponding to the transferring 
means), and receipt receiver 28. 
[0044] 

10 The value entity receiver 21 receives the value entity 

11a transmitted from the value providing server 10 and stores 
it with the public key Al into the value entity storage 22. 

The value entity storage 22 stores the value entity 
11a received by the value entity receiver 21. The value 

15 entity storage 22 is preferably a tamper-resistant one in 

terms of securing the confidentiality of the value entity 
and the reliability of the system. There are well-known 
techniques about means for implementing the tamper resistance 
and, therefore, the detailed description thereof is omitted 

20 herein. However, conceivable methods are to construct the 

device of special materials, to properly interweave dummy 
wires, etc. (cf . Nonpatent Document 1 described before) . 
The value entity storage 21 is constructed, for example, 
of a UIM (User Identity Module ) , an SIM (Subscriber Identity 

25 Module), or the like. 

The application receiver 23 receives the application 
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transmitted from the store server 30 and provided with an 
electronic signature. 
[0045] 

In order to prevent the value entity from being misused 
5 by a malicious or defective application, the application 

verifier 24 verifies whether the application received by 
application receiver 23 is one with validity ensured. The 
verification is carried out based on whether the electronic 
signature on the received application is compliant to the 

10 public key Al attached to the value entity 11a in the value 

entity storage 22. Specifically, the electronic signature 
is encrypted by the private key A2 and the application with 
the electronic signature cannot be decrypted by any other 
key than the public key Al corresponding to the private key 

15 A2. Therefore, the portable terminal 20 is unable to execute 

the above application unless the public key Al is one 
corresponding to the private key A2 . 
[0046] 

Furthermore, the application verifier 24 permits 
20 access to an application judged as one with validity ensured 

(one successfully verified) but rejects access to an 
application judged as one without validity (one failing in 
verification) . 
[0047] 

25 The application starter 25 starts an application 

successfully verified as a result of the verification by 
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the application verifier 24. 

The application deleter 26 deletes an application 
failing in verification as a result of the verification by 
the application verifier 24. 
[0048] 

The value entity transmitter 27 is configured so that 
when an application is successfully verified and when the 
user of the portable terminal 20 gives an instruction to 
purchase a commodity or service, the value entity transmitter 
27 transmits a value entity of an amount equivalent to a 
consideration thereof to the store server 30. 

The receipt receiver 28 receives receipt data 
transmitted from the store server 30 and indicating receipt 
of the value entity. 

15 [0049] 

As shown in Fig. 2, the store server 30 functionally 
has application storage 31, application transmitter 32 
(corresponding to the application transmitting means ) , value 
entity receiver 33 (corresponding to the value entity 
20 acquiring means) , and receipt transmitter 34 (corresponding 

to the receipt transmitting means) . 
[0050] 

The application storage 31 stores application 31a for 
enabling the electronic procurement at the store where the 
25 store server 30 is located. This application 31a is 

preliminarily provided with an electronic signature by a 



23 



FP03-0308-00 



provider thereof and is of fered with or without compensation. 
The application 31a is electronically signed by the private 
key A2 owned or managed by the payment service provider as 
an operator of the value providing server 10 . The electronic 
5 signature certifies the provider of the application and 

ensures the validity of the application, and the attachment 
of this electronic signature permits the application 31a 
to use the value entity accompanied by the public key Al 
corresponding to the private key A2 . 

10 [0051] 

The application transmitter 32 retrieves the 
application 31a from application storage 31 in response to 
a request from portable terminal 20 and transmits the 
application 31a to the portable terminal 20 through ad hoc 

15 network N2 . 

The value entity receiver 33 receives the value entity 
transmitted by the value entity transmitter 27 of portable 
terminal 20, through ad hoc network N2 . 

The receipt transmitter 34 is configured so that when 
20 the value entity receiver receives the value entity of the 

amount corresponding to a consideration of a provided 
commodity or service, it prepares and transmits receipt data 
indicating the receipt to portable terminal 20. 
[0052] 

25 Since the portable terminal 20 is terminal equipment 

constituting the major part of the electronic procurement 
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supporting system according to the present invention, the 
hardware configuration thereof will be described below in 
detail. Fig. 3 is a hardware configuration diagram of 
portable terminal 20. The portable terminal 20 is comprised 
5 of controller 20a, input device 20b, RAM 20c, display device 

20d, storage device 20e, cellular network communication 
device 20f with telescopic antenna A, audio processor 20g, 
and ad hoc network communication device 20h. Each of these 
devices is electrically connected through bus 20j and they 
10 are able to send and receive signals to and from each other. 

[0053] 

The controller 20a retrieves an electronic procurement 
supporting program stored in the storage device 20e, into 
RAM 20c and integrally controls each of the parts according 

15 to the program. Namely, the controller 20a executes various 

processes including the after-described electronic 
procurement process according to an input signal from input 
device 20b and the program retrieved into the RAM 20c and 
temporarily stores the result of the processing in the RAM 

20 20c. Then the controller makes the processing result in the 

RAM 20c stored into a predetermined area inside the storage 
device 20e according to necessity. 
[0054] 

The input device 20b is comprised of various operation 
25 buttons for giving a request for transmission of the value 

entity and application, and an instruction of selection, 
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purchase, or the like of a commodity or service, and these 
various operation buttons are depressed singly or in 
combination to output an input signal according to the content 
of the instruction to the controller 20a. 
5 [0055] 

The RAM (Random Access Memory )20c is constructed of 
a volatile semiconductor memory and temporarily stores a 
program or data retrieved from the storage device 20e 
described below, in the various processes executed by the 
10 controller 20a . The RAM 20c also has a function of VRAM (Video 

RAM) for temporarily storing data displayed on the display 
device 20d. 
[0056] 

The display device 20d is constructed of an LCD (Liquid 
15 Crystal Display) , an EL (Electro Luminescence) device, or 

the like, and is a user interface for displaying display 
data such as a commodity menu or the like in accordance with 
a display signal supplied from the controller 20a. 
[0057] 

20 The storage device 20e is constructed of a nonvolatile 

semiconductor memory such as anEEPROM (Electrically Erasable 
and Programmable ROM) or the like, and stores data necessary 
for execution of various processes, data generated as a result 
of execution of the various processes, and so on. The storage 

25 device 20e stores the aforementioned value entity. 

[0058] 
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The cellular network communication device 20f performs 
control on radio communication with base station B. More 
specifically, the cellular network communication device 20f 
is a circuit consisting of a modem part (not shown) for 
5 executing modulation and demodulation of signals, and a codec 

part (not shown) for executing coding and decoding of signals , 
and has antenna A. The antenna A is provided in a telescopic 
manner in the upper part of the housing of portable terminal 
20 and is used for transmission and reception of radio waves 
10 to and from the base station B. 

[0059] 

The audio processor 20g is constructed of a converter, 
an amplifier, etc., and is equipped with microphone M and 
speaker S. The audio processor 20g operates during calls 

15 to convert audio data supplied from the controller 20a, into 

analog signals at the converter and emit sound through the 
amplifier from the speaker S. The audio processor 20g also 
operates during calls to convert audio signals from 
microphone M into digital signals at the converter and output 

20 them to the controller 20a. 

[0060] 

The ad hoc network communication device 2 Oh is pursuant 
to the near field communication standards such as IEEE802 .lib 
or Bluetooth or the like, which are the standards of wireless 
25 LAN, and performs direct transmission and reception of data 

to and from the ad hoc network N2 . 
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[0061] 

The operation of electronic procurement supporting 
system 1 in the present embodiment will be described below, 
together with each of steps constituting the electronic 
5 procurement supporting method according to the present 

invention. 
[0062] 

In the present embodiment, the store where the 
electronic procurement process is executed is assumed to 
10 be, particularly, a chain of coffee shops, but it is noted 

that the present invention is by no means limited to the 
application at only such stores . In the present embodiment 
the chain of stores is a management organization form 
including shops dealing identical types of commodities or 
15 services under a unified business name and realizing the 

interests under the control of the same headquarters. The 
payment service provider playing a key role in the operation 
of value providing server 10 is under contract about sale 
of commodities or services with the headquarters. The 
20 headquarters may serve as the payment service provider. 

[0063] 

Fig . 4 is a flowchart showing the flow of the electronic 
procurement processing executed by the electronic 
procurement supporting system 1 . Each of the steps described 
25 below is substantialized when the controller 20a executes 

the electronic procurement supporting program stored in the 
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storage device 20e shown in Fig. 3. 
[0064] 

First, the user of the portable terminal 20 purchases 
a value entity through a commercial transaction such as 
electronic settlement with a credit card, vicarious 
accounting by the telecommunications carrier, or the like. 
In conjunction with this operation, the value entity 
transmitter 12 of the value providing server 10 transmits 
the value entity 11a accompanied by the public key Al, to 
the portable terminal 20 via cellular network Nl and base 
stationB (SI) . This transmissionprocess canbe implemented 
by the existing techniques of electronic commerce, and it 
is desirable to utilize authentication by a pre-registered 
password, or electronic authentication by a certificate 
authority, in order to prevent spoofing by a third party. 
[0065] 

In order that an electronic procurement service to 
purchase a desired commodity with a consideration of the 
value entity 11a is definitely distinguished among various 
services provided in the electronic commerce, it is 
preferable to provide the value entity 11a with an identifier 
capable of uniquely identifying the service (which will be 
referred to hereinafter as a "service identifier" ) according 
to necessity. The service identifier is, for example, data 
of a combination of an IP address of the value providing 
server 10 with a character string not used before out of 
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character strings generated by the value providing server 
10, in order to avoid duplication with other services. 
[0066] 

The service identifier is also held by an application 
which can use the value entity 11a. This identifier is, for 
example, included in a character string representing a file 
name of the application, or described in a meta-inf ormation 
description area explicitly allocated to the application. 
Accordingly, the portable terminal 20 is able to detect 
whether the service identified by the application agrees 
with the service for which the value entity 11a is used, 
prior to execution of the application. 
[0067] 

At S2 , the value entity 11a transmitted at SI is received 
by the value entity receiver 21 of portable terminal 20 and 
is stored in correspondence with the service identifier into 
the value entity storage 22. 
[0068] 

At S3, the portable terminal 2 0 is connected through 
ad hoc network N2 to the store server 30. Such connection 
is established by the ad hoc network communication device 
20h, for example, when the portable terminal 20 is located 
within a communication area of a wireless LAN established 
by store server 30 in a coffee shop as a store. Since the 
25 communication area of the wireless LAN is normally at and 

near the site of the coffee shop, the communication via the 
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ad hoc network becomes enabled between portable terminal 
20 and store server 30 at the time when the user of portable 
terminal 20 enters the shop, at the latest. 
[0069] 

5 At S4, the application transmitter 32 of store server 

30 transmits the application 31a electronically signed by 
the private key A2, through ad hoc network N2 to the portable 
terminal 20. This transmission process may be push-type 
transmission in which the store server 30 forcibly transmits 
10 the application to every portable terminal including the 

portable terminal 20, or pull-type transmission in which 
the store server 30 transmits the application in response 
to an active transmission request from the portable terminal 
20. 

15 [0070] 

The application 31a transmitted at S4 is intended for 
support of purchase at the chain store, and the configuration 
thereof is individually selected according to marketing 
strategies specialized for the coffee shop where the store 

20 server 30 is located, and according to original service items 

or commodity types. The application 31a can be updated as 
occasion may demand. This enables effective procurement 
support adaptive to characteristics and temporal changes 
of the store. 

25 [0071] 

At S5, the application 31a transmitted at S4 is received 
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by the application' receiver 23 of portable terminal 20 and 
the application verifier 24 verifies the validity thereof 
using the public key Al and electronic signature. 
[0072] 

In the case where the value entity storage 22 stores 
plural types of value entities, it is effective to adopt 
a process of minimizing value entities as objects of 
verification, in terms of speeding-up of the verification 
process . This process can be implemented in such a way that 
the portable terminal 20 detects the aforementioned service 
identifier from the file name of the application or the like. 
The application verif icationprocess suitable for cases where 
plural types of value entities are stored will be described 
below with reference to Fig. 5. 

15 [0073] 

Fig. 5 is a diagram showing a data storage example in 
the value entity storage 22 storing a plurality of value 
" entities accompanied by mutually different public keys . As 
shown in Fig. 5, the value entity storage 22 comprises at 
20 least value entity area 221 and service identifier area 222 . 

The value entity area 221 stores the value entities 
accompanied by their respective public keys A2, A3, and A4 
different from the public key Al, in addition to the value 
entity 11a provided by the value providing server 10. The 
25 service identifier area 222 stores identifiers of services 

(e.g., "0001," "0002," "0003,"...) for which the 



32 



FP03-0308-00 



corresponding value entities in the value entity area 221 

are used. 
[0074] 

Referring back to Fig. 4, at S5 the application verifier 
5 24 collates the service identifier identif iedby the received 

application, with the service identifiers in the service 
identifier area 222 . When the collation results in detecting 
no service identifier agreeing with the service identifier 
of the application, the verification of the application ends 
10 in failure at that point and the flow shifts to the processing 

at and after S13 described later. 
[0075] 

On the other hand, when the above collation results 
in detecting a service identifier agreeing with the service 
15 identifier of the application, there is a possibility that 

the application is valid, and there also remains a possibility 
that a plurality of value entities with the same service 
identifier are detected, or a possibility that the electronic 
signature of the application is not compliant to the public 
20 key of the value entity. 

[0076] 

Therefore, the application verifier 24 further 
performs the verification of the electronic signature of 
the received application, using the public key attached to 
25 each value entity with the agreeing service identifier. 

Namely, the application verifier 24 verifies whether the 
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application is one electronically signed by the payment 
service provider as a provider of the value entity and whether 
ornot it is falsified. This verification canbe implemented, 
for example, by public-key cryptography. The verification 
5 process of the application may be one automatically executed 

in conjunction with the opportunity of the reception of the 
application or one executed in response to a user's 
instruction from input device 20b. 
[0077] 

L q where only one value entity is stored in the value entity 

storage 22, only the verification process of the electronic 
signature can be carried out without execution of the 
collation process of the service identifier. 

As a result, the verification is successfully conducted 

15 of the value entity provided with "0001" being the service 

identifier of the application 31a and accompanied by the 
public key Al corresponding to the private key A2, i.e., 
of the value entity 11a. 
[0078] 

20 When the verification at S5 results in confirming that 

the electronic signature of the application is made by the 
provider of the value entity and that the application is 
not falsified, the application verifier 24 determines that 
the application is successfully verified (S6; Yes), and 

25 instructs the application starter 25 to start the 

application. 
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[0079] 

At S7 the application received at S5 is started by the 
application starter 26. The application 31a thus started 
becomes accessible to the value entity 11a received and stored 
at S2. With the start of application 31a, a menu list of 
commodities or services available to the user of the portable 
terminal 20 is displayed on the display device 20d and the 
controller 20a awaits a user's instruction of purchase from 
the input device 20b. The instruction of purchase includes 
designation of identification information of a commodity 
or service for the user to desire to purchase, andalso includes 
designation of the number thereof. 
[0080] 

For example, supposing the store is a chain store as 
described above, coffee shop menu 201 shown in Fig. 6 is 
displayed on the display device 20d. As shown in Fig. 6, 
the coffee shop menu 201 presents a list of types of coffees 
as names of commodities along with their prices. The user 
checks a check box 201a located to the left corresponding 
to a name of a desired commodity (Dry Caffe Latte) through 
the input device 20b to select a coffee as an object of 
purchase. It is also possible to employ a scheme wherein 
the number of desired coffee is entered into the check box 
201a. The display may also be arranged so that, after the 
selection of the purchasing object, the display device 20d 
displays a message for the user to confirm the commodity 
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name and number. 
[0081] 

More specifically, in the coffee shop menu 201, "Dry 
Caf fe Latte, 11 which the coffee shop originally promotes, 
5 is displayed as "Our recommendation" at a position easy to 

attract user's attention (an area near to the head part of 
the menu) . In this way, the electronic procurement 
supporting system 1 enables each of coffee shops under the 
control of the aforementioned headquarters to provide the 

10 electronic procurement support based on its original 

marketing strategy and location. Particularly, in the case 
of a nationwide expanding chain of stores, user's tastes 
and climate conditions vary among regions, and thus 
electronic procurement supports differing among coffee shops 

15 are effective in terms of improvement of convenience and 

promotion of sale. Furthermore, changes of commodity names 
displayedas "Today' s coffee" at appropriate intervals (e.g., 
every day) are also effective in a sense of promptly adjusting 
to changes of user's needs. 

20 [0082] 

Returning to Fig. 4, when the purchase instruction is 
entered (S8) , the value entity transmitter 27 of the portable 
terminal 20 subtracts a value entity of an amount equivalent 
to a charge of the commodity or service designated to purchase 

25 (350 yen in the above example) from the value entity 11a 

in the value entity storage 22, and the value entity is 
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transmitted via ad hoc network N2 to the store server 30 
(S9) . This transmission process can be implemented by the 
existing electronic money transmission/reception 
technologies, for example, as described in Document 
5 ("Information Security Technologies," August 2000, 

published by THE TELECOMMUNICATIONS ASSOCIATION, supervised 
by Seiichi Ido, and edited by Takaaki Matsumoto and Tatsuaki 
Okamoto) . 
[0083] 

10 If the value entity equivalent to the charge of the 

commodity or service is greater than the value entity 11a, 
the value entity transmitter 27 makes the display device 
20d display a message of insufficient funds, without 
performing the subtraction and transmission of the value 

15 entity. A value entity of a shortfall may be compensated 

for by a post-payment (later payment) method. 
[0084] 

At S10, the value entity transmitted from the portable 
terminal 20 is received by the value entity receiver 33 of 
20 the store server 30. 

At Sll, the receipt transmitter 34 of store server 30 
transmits data electronically expressing the receipt of the 
value entity equivalent to the charge of the commodity or 
service (receipt data) through ad hoc network N2 to the 
25 portable terminal 20. 

[0085] 



37 



FP03-0308-00 



At S12, the receipt receiver 28 of portable terminal 
20 receives the receipt data transmitted from the store server 
30. The application 31a converts the received receipt data 
into a renderable format and it is displayed on the display 
5 device 20d. In order to facilitate identification of an 

issuer of the receipt and prevent forgery, a background color 
selected by the coffee shop may be used in the receipt data 
or a predetermined icon (pictorial symbol) may be inserted 
therein. In order to prevent double use of the receipt, the 
10 background color or icon may be altered at predetermined 

time intervals . Furthermore, the receipt data may be given 
a time stamp indicating a date of issue. 
[0086] 

The coffee shop requests the user of the portable 
15 terminal 20 as a purchaser to display the receipt data on 

the display device 20d and, after the validity of the receipt 
data is confirmed, the coffee shop provides the commodity 
(Dry Caffe Latte in the above example) for the user. 
[0087] 

20 The receipt does not always have to be limited to those 

transmitted and received between terminals. Namely, of 
course, it is also possible to employ such a configuration 
that when the value entity is received at S10, a shop attendant 
at the shop acknowledging it prints out a physical (paper 

25 medium) receipt expressing the receipt of the charge 

equivalent to the value entity, and hands it to the user. 
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[0088] 

When the verification at S5 results in acknowledging 
that the electronic signature of the application is not one 
provided by the provider of the value entity or that the 
application is falsified, the application verifier 24 
determines that the application failed in verification (S6; 
No) , and instructs the application deleter 26 to delete the 
application . 
[0089] 

At S13, the application received at S5 is deleted by 
the application deleter 26 . In the ad hoc networks including 
the wireless LANs, direct communications are carried out 
between terminal devices without intermediation of any 
telecommunications carrier, and it is thus envisaged that 
the communication content is intercepted or that third 
parties except for the coffee shop provide other services 
by wireless LANs in the neighboring areas. By deleting the 
application, however, it is feasible to avoid various harms 
that can be caused by execution of the application made by 
a malicious third party or possibly falsified. As a result, 
it is feasible to secure the high security level for the 
electronic procurement supporting system 1. 
[0090] 

At S14, the display device 20d displays a message 
25 indicating that the application received at S5 was deleted. 

The message is, for example, text data of "The downloaded 
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application failed in verification. Consequently, the 
application was deleted." For this reason, the user of 
portable terminal 20 readily acknowledges that the 
application failed in verification and that the application 
was deleted. The application deleting process may be 
arranged to be executed in response to a user's instruction 
from the input device 20b. 
[0091] 

As described above, the electronic procurement 
supporting system 1 in the first embodiment is configured 
to verify whether the access of the application to the value 
entity acquired in advance from the value providing server 
10 should be permitted, taking into account the concern that 
the application transmitted from the store server 30 is not 
always safe . The means for performing this verification is 
one to determine whether the creator of the public key 
preliminarily attached to the value entity agrees with the 
creator of the private key used for the electronic signature 
of the application. The portable terminal 20 permits the 
access of the application to the value entity only in the 
case of the success in verification, and transfers the value 
entity to the store server 30 through the use of the 
application . 
[0092] 

This makes it feasible to prevent the access of an 
application of an uncertified provider or a falsified 
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application to the value entity and thus prevent misuse of 
the value entity. As a result, the safe and easy electronic 
procurement support is also implemented under circumstances 
where the value entity is transmitted and received through 
the use of the ad hoc networks. 
[0093] 

Second Embodiment 

The second embodiment of the present invention will 
be described below. 

In the first embodiment the value entity was transmitted 
together with the corresponding public key from the value 
providing server 10 to the portable terminal 20, whereas 
in the present embodiment the value entity and the public 
key are transmitted independently of each other. 
[0094] 

The electronic procurement supporting system in the 
present embodiment has much the same functional configuration 
as the electronic procurement supporting system 1 detailed 
in the first embodiment . The portable terminal in the present 
embodiment also has the same hardware configuration as the 
aforementioned portable terminal 20 . Therefore, the common 
components will be denoted by the same reference symbols, 
without the description thereof, and only differences from 
the first embodiment will be detailed below. 
[0095] 

The electronic procurement processing executed by the 
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electronic procurement supporting system in the second 
embodiment will be described below with reference to Fig. 
7 . 

The electronic procurement processing in the present 
5 embodiment includes the steps common to the electronic 

procurement processing detailed in the first embodiment (cf . 
Fig. 4) . Specifically, the steps of S25-S36 in Fig. 7 are 
equivalent to those of S3-S14 shown in Fig. 4. 
[0096] 

10 The following will describe S21-S24 (processes in 

heavy-line blocks in Fig. 7), which are specific steps in 
the present embodiment. First, at S21 the user of the 
portable terminal 20 completes an agreement about trade of 
commodities or services with a payment service provider or 

15 acquires an account with the provider, whereby the value 

entity transmitter 12 of the value providing server 10 
transmits the public key Al via cellular network Nl and base 
station B to the portable terminal 20. 
[0097] 

20 AtS22, the public key Al transmitted at S21 is received 

by the value entity receiver 21 of portable terminal 20 to 
be stored in the value entity storage 22. In a potential 
configuration, the public key Al maybe preliminarily stored 
in the storage device 20e at the time of production of the 

25 • portable terminal 20. 

[0098] 
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At S23, the user of the portable terminal 20 purchases 
a value entity through a commercial transaction such as 
electronic settlement with a credit card, vicarious 
accounting by the telecommunications carrier, or the like. 
In conjunction therewith, the value entity transmitter 12 
of the value providing server 10 transmits the value entity 
lla corresponding to the public key Al via cellular network 
Nl and base station B to portable terminal 20. 
[0099] 

At S24, the value entity lla transmitted at S23 is 
received by the value entity receiver 21 of portable terminal 
20 and is stored in correspondence with the public key Al 
and service identifier into the value entity storage 22. 

Thereafter, the processes at and after S25 are executed, 
and the steps of S25-S36 are the same as those of S3-S14 
in the first embodiment (cf. Fig. 4). Therefore, the 
description thereof is omitted herein. 
[0100] 

In the electronic procurement supporting system in the 
second embodiment, the portable terminal 20 can be refilled 
(or charged) with an additional value entity, by repeatedly 
executing the processes of S23 and S24. Namely, when there 
remains some value entity in the value entity storage 22 
at the time of the reception of an additional value entity 
at the portable terminal 20, the amount of the received value 
entity is added (merged) to the amount of the remaining value 
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entity. On this occasion, the value providing server 10 does 
not have to attach the public key to the value entity 
transmitted, and it is thus feasible to decrease the volume 
of data transmitted in conjunction with the electronic 
5 procurement processing. 

[0101] 

Third Embodiment 

The third embodiment of the present invention will be 

described below. 

10 m the first and second embodiments, the portable 

terminal 20 was configured to store the public key 
preliminarily acquired from the value providing server 10, 
together with the corresponding value entity in the value 
entity storage 22, and always retain it. In contrast to it, 

15 in the present embodiment the portable terminal 20 is 

configured to request the value providing server 10 to 
transmit the public key on every occasion of electronic 
purchase using the application, and thereby acquire the 
public key. 

20 [0102] 

Fig. 8 is a system configuration diagram showing the 
functional configuration of electronic procurement 
supporting system 2 in the present embodiment. The 
electronic procurement supporting system 2 includes a 

25 plurality of components functionally common to the electronic 

procurement supporting system 1 in the first and second 
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embodiments. The portable terminal in the present 
embodiment has the same hardware configuration as the 
aforementioned portable terminal 20. Therefore, the common 
components will be denoted by the same reference symbols, 
5 without description thereof, and only differences from each 

of the above embodiments will be detailed below. 
[0103] 

As shown in Fig. 8, the value providing server 10 
functionally has value entity storage 11, public key posting 
10 part 13, value entity transmitter 12, and public key 

transmitter 14. 

The value entity storage 11 stores value entity lib 
used for electronic purchase of a commodity or service at 
a store. 

15 The public key posting part 13 updatably retains public 

keyAl necessary for starting of application 31a. The public 
key posting part 13 posts the public key Al in an accessible 
form from a plurality of portable terminals including the 
portable terminal 20, via cellular network Nl . 

20 [0104] 

The value entity transmitter 12 retrieves the value 
entity lib from the value entity storage 11 in response to 
a value entity transmission request from the portable 
terminal 20 and transmits it through the cellular network 
25 Nl and base station B to the portable terminal 20. 

The public key transmitter 14 acquires the public key 
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Al from the public key posting part 13 in accordance with 
a public key transmission request from the portable terminal 
20 and transmits it through the cellular network Nl and base 
station B to the portable terminal 20. 
5 [0105] 

As shown in Fig. 8, the portable terminal 20 
functionally has value entity receiver 21, value entity 
storage 22, application receiver 23, public key transmission 
requester 29, public key receiver 210, application verifier 
10 24, application starter 25, application deleter 26, value 

entity transmitter 27, and receipt receiver 28. 
[0106] 

The public key transmission requester 29 requests the 
value providing server 10 to transmit the public key necessary 
15 for starting of application 31a (public key Al), in 

conjunction with reception of the application 31a at 
application receiver 23. 

The public key receiver 210 receives the public key 
Al transmitted by the public key transmitter 14 of value 
20 providing server 10 and instructs the application verifier 

24 to verify the application 31a through the use of the public 
key Al . 
[0107] 

The electronic procurement processing executed by the 
25 electronic procurement supporting system in the third 

embodiment will be described below with reference to Fig. 
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9. 

The electronic procurement processing in the present 
embodiment includes a plurality of steps common to the 
electronic procurement processing (cf. Fig. 4) detailed in 
5 the first embodiment. Specifically, the steps of S44, S45, 

and S49-S57 in Fig. 9 are equivalent to those of S3, S4, 
and S6-S14 shown in Fig. 4. 
[0108] 

S41-S43, S46, and S47 (processes in heavy-line blocks 
10 in Fig. 9) , which are specif ic steps in the present embodiment , 

willbedescribedbelow. First, at S4 1 the public key posting 
part 13 of value providing server 10 posts the public key 
Al in an accessible form from portable terminal 20 through 
cellular network Nl . 

15 [0109] 

At S42, the user of portable terminal 20 purchases a 
value entity through a commercial transaction such as the 
electronic settlement with a credit card, the vicarious 
accounting by the telecommunications carrier, or the like. 

20 In conjunction therewith, the value entity transmitter 12 

of value providing server 10 transmits the value entity 11a 
corresponding to the public key Al via cellular network Nl 
and base station B to the portable terminal 20. 
[0110] 

25 At S43, the value entity 11a transmitted at S42 is 

received by the value entity receiver 21 of portable terminal 
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20 and is stored in correspondence with the service identifier 
in the value entity storage 22. At this point, the public 
key Al does not exist in the portable terminal 20. 
[0111] 

5 When the portable terminal 20 is connected through ad 

hoc network N2 to store server 30 (S44), the store server 
30 transmits the application 31a via ad hoc network N2 to 
portable terminal 20 (S45) . 

At S46, the public key transmission requester 29 sends 
10 a transmission request for transmission of the public key 

Al necessary for starting of the application 31a, to the 
value providing server 10 in conj unction with the opportunity 
of the reception of application 31a. This transmission 
request is transmitted through cellular network Nl with 
15 higher confidentiality and security. 

[0112] 

At S47, the public key transmitter 14 acquires the 
public key Al from the public key posting part 13 in response 
to the public key transmission request transmitted at S46, 
20 and transmits the public key Al via cellular network Nl to 

portable terminal 20. 
[0113] 

The public key Al transmitted at S47 is received by 
public key receiver 210 of portable terminal 20 (S48) . In 
25 conjunction with the reception of the public key Al, the 

portable terminal 20 makes the application verifier 24 start 
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the verification of application 31a received at S46. 
Thereafter, the processes at and after S49 are executed, 
and the steps of S49-S57 are the same as those of S6-S14 
(cf. Fig. 4) in the first embodiment. Therefore, the 
5 description thereof is omitted herein. 

[0114] 

In the electronic procurement supporting system 2 in 
the third embodiment, the payment service provider posts 
the public key Al on the value providing server 10, whereby 
10 the portable terminal 20 can acquire the public key Al from 

the value providing server 10 as occasion demands, without 
need for always retaining the public key Al . Therefore, it 
is feasible to save the storage capacity of data in the portable 
terminal 20. 

15 [0115] 

Proper update of private key A2 contributes to 
improvement in security of the electronic procurement 
support, but it is difficult to update the public key Al 
retained by the portable terminal 20, without a delay behind 

20 the update of the private key A2 . In the electronic 

procurement supporting system 2, therefore, the portable 
terminal 20 actively acquires the public key Al on every 
occasion of reception of application 31a. This permits the 
user of portable terminal 20 to securely and readily obtain 

25 the public key Al corresponding to the latest private key 

A2 even after update of the private key A2 . As a consequence, 
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the electronic procurement supporting system 2 can provide 
easy electronic procurement while maintaining the high 

security. 
[0116] 

5 Fourth Embodiment 

The fourth embodiment of the present invention will 
be described below. 

In the first to third embodiments the portable terminal 
20 was configured to delete the application if the received 
10 application failed in verification. In contrast to it, in 

the present embodiment the portable terminal 20 is configured 
to automatically delete the application in conjunction with 
an opportunity where a predetermined time has elapsed since 
the time of reception of the application. The following will 
15 describe a typical example of electronic procurement 

supporting system 3 constructed by adding an elapsed time 
measuring function to the electronic procurement supporting 
system 1 in the first embodiment, and it is also noted that 
this function can also be applied to the electronic 
2 0 procurement supporting systems in the second and third 

embodiments . 
[0117] 

Fig. 10 is a system configuration diagram showing the 
functional configuration of electronic procurement 
25 supporting system 3 in the present embodiment. The 

electronic procurement supporting system 3 includes a 
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plurality of components functionally common to the electronic 
procurement supporting system 1 in the first embodiment. 
The portable terminal in the present embodiment also has 
the same hardware configuration as the aforementioned 
5 portable terminal 20 . Therefore, the common components will 

be denotedby the same reference symbols, without description 
thereof, and only differences from the first embodiment will 
be detailed below. 
[0118] 

10 A predetermined time Tl arbitrarily set by the store 

(e.g., approximately one to three hours) is preliminarily 
described in the application 31a transmitted from the store 
server 30 to the portable terminal 20. 

As shown in Fig. 10, the portable terminal 20 

15 functionally has value entity receiver 21, value entity 

storage 22, application receiver 23, elapsed time measuring 
part 211, application verifier 24, application starter 25, 
application deleter 2 6, value entity transmitter 27, and 
receipt receiver 28. 

20 [0119] 

The elapsed time measuring part 211 starts measurement 
of elapsed time at the time when the application receiver 
23 receives the application 31a. At the same time, the 
elapsed time measuring part 211 acquires the predetermined 

25 time Tl from the application 31a and awaits arrival of the 

elapsed time at the predetermined time Tl . In conjunction 
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with the opportunity where the above elapsed time arrives 
at the predetermined time Tl, the elapsed time measuring 
part 211 instructs the application deleter 26 to delete the 
application 31a. 

5 [0120] 

The application deleter 26 deletes the application 31a 
in accordance with the instruction from the elapsed time 
measuring part 211. If there is a file created by the 
application 31a, the application deleter 26 also deletes 
10 it. The file is, for example, receipt data converted in a 

renderable format. 
[0121] 

The electronic procurement supporting system 3 in the 
fourth embodiment is configured to automatically delete the 

15 application 31 in conjunction with the lapse of the 

predetermined time from the point of the reception thereof 
at portable terminal 20. For this reason, the application 
31a will never stay in the portable terminal 20 over the 
predetermined time . Therefore, it is feasible to circumvent 

20 the fear that the application 31a or the file created thereby 

is used at another store to cause a confusion in the electronic 
commerce . 
[0122] 

Furthermore, a modification of the fourth embodiment 
25 may be such that the portable terminal 20 continues a 

communication session with the store server 30 even after 
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the reception of application 31a and the elapsed time 
measuring part 211 starts the measurement of elapsed time 
at the time of disconnection of the communication session. 
In this case, the elapsed time measuring part 211 acquires 
a predetermined time T2 (e.g., approximately five minutes) 
from the application 31a at the same time as the start of 
measurement and awaits arrival of the above elapsed time 
at the predetermined time T2 . In conjunction with an 
opportunity where the above elapsed time arrives at the 
predetermined time T2, the elapsed time measuring part 211 
instructs the application deleter 2 6 to delete the 
application 31a. 
[0123] 

The application deleter 26 deletes the application 31a 
in accordance with the instruction from the elapsed time 
measuring part 211. If there is a file created by the 
application 31a, the application deleter 26 also deletes 
it. The file is, for example, receipt data converted in the 
renderable format. 

20 [0124] 

A disconnection of a communication session is caused 

by an external factor such as departure of the portable 

terminal 20 from in the communication area of ad hoc network 

N2. In the electronic procurement supporting system in the 

25 present modification, the application 31a is deleted in 

conjunction with the opportunity of the disconnection of 
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the communication session. In other words, the period of 
time to retain the application 31a is dependent upon the 
duration of the communication session, and the application 
is promptly and securely deleted from the portable terminal 
20 because of withdrawal of the user of portable terminal 
20 from the store. Accordingly, it is feasible to eliminate 
the concern that the application 31a is used at another store 
to cause a confusion in the electronic commerce. 
[0125] 

In some communication environments there is a 
possibility that communication is disconnected for some 
reason after completion of reception and before completion 
of verification of the application 31a and the application 
31a not passing the verification process remains in the 
15 portable terminal 20. In such cases, therefore, the 

application deleter 26 automatically deletes the application 
31a after a lapse of the predetermined time, whereby it is 
feasible to prevent the application with no guarantee of 
validity from being held in the portable terminal 20. The 
20 predetermined time is desirably a sufficiently short period 

of time (e.g., approximately one to three seconds) in terms 
of avoiding a case in which the application is used for transfer 
of a value entity immediately after reception of the 
application 31a. 
25 [0126] 

Fifth Embodiment 
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The fifth embodiment of the present invention will be 
described below. 

In the present embodiment, the portable terminal has 
a function of measuring integrity which is an index indicating 
5 whether the potable terminal can normally operate as 

expected. The value providing server verifies the result 
of the measurement transmitted from the portable terminal 
and transmits the value entity to the portable terminal only 
if the verification is successful. Similarly, the store 
10 server sends the application to the portable terminal only 

if the above measurement result is successfully verified. 
[0127] 

The following will describe a typical example of 
electronic procurement supporting system 4 constructed by 
15 adding the integrity measuring function to the portable 

terminal 20 in the electronic procurement supporting system 
1 in the first embodiment, and it is noted that this function 
can also be applied to the electronic procurement supporting 
systems in the second to fourth embodiments. 

20 [0128] 

Fig. 11 is a system configuration diagram showing the 
functional configuration of electronic procurement 
supporting system 4 in the present embodiment. The 
electronic procurement supporting system 4 includes a 

25 plurality of components functionally common to the electronic 

procurement supporting system 1 in the first embodiment. 
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The portable terminal in the present embodiment also has 
the same hardware configuration as the aforementioned 
portable terminal 20 . Therefore, the common components will 
be denotedby the same reference symbols, without description 
5 thereof, and only differences from the first embodiment will 

be detailed below. 
[0129] 

As shown in Fig. 11, the value providing server 10 
functionally has value entity storage 11, measurement result 

10 transmission requester 15, measurement result receiver 16, 

measurement result verifier 17 (corresponding to the second 
verifying means), and value entity transmitter 12. The 
measurement result transmission requester 16 requests the 
portable terminal 2 0 to transmit the measurement result of 

15 integrity. The measurement result receiver 16 receives the 

measurement result transmitted by the measurement result 
transmitter 213 of portable terminal 20, through cellular 
network Nl . 
[0130] 

20 The measurement result verifier 17 verifies the above 

measurement result received by the measurement result 
receiver 16 to evaluate the reliability of the portable 
terminal 20. The process of verifying the integrity 
measurement result can be implemented by the existing 

25 techniques, for example, as described in the document (Compaq 

Computer Corporation, Hewlett-Packard Company, IBM 
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Corporation, Intel Corporation, Microsoft Corporation, 
"Trusted Computing Platform Alliance (TCPA) Main 
Specification Version 1.1b," 22 February 2002, 
http: //www. trustedcomputing.org/docs/main%20vl_lb .pdf ) . 

5 [0131] 

The portable terminal 20 functionally has integrity 
measuringpart 212, measurement result transmitter 213, value 
entity receiver 21, value entity storage 22, application 
receiver 23, application verifier 24, application starter 
10 25, application deleter 26, value entity transmitter 27, 

and receipt receiver 28. 
[0132] 

The integrity measuring part 212 has the function 
substantialized as the TPM (Trusted Platform Module) of the 
15 existing technology is executed by the controller 20a of 

portable terminal 20, and measures the integrity of portable 
terminal 20. The measurement process of integrity can also 
be implemented, for example, by the techniques described 
in the above document . 
20 [0133] 

The measurement result transmitter 213 transmits the 
integrity measurement result by the integrity measuring part 
212 to the value providing server 10. 
[0134] 

25 The store server 30 functionally has application 

storage 31, measurement result transmission requester 35, 
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measurement result receiver 36, measurement result verifier 
37 (corresponding to the third verifying means ) , application 
transmitter 32, value entity receiver 33, and receipt 
transmitter 34. The measurement result transmission 
5 requester 35 requests the portable terminal 20 to transmit 

the result of measurement of integrity. The measurement 
result receiver 36 receives the above measurement result 
transmitted by the measurement result transmitter 213 of 
portable terminal 20, via the ad hoc network N2 . The 
10 measurement result verifier 37 verifies the above measurement 

result received by the measurement result receiver 36 to 
evaluate the reliability of portable terminal 20. 
[0135] 

The electronic procurement processing executed by the 
15 electronic procurement supporting system in the fifth 

embodiment will be described below with reference to Fig. 
12 . 

The electronic procurement processing in the present 
embodiment includes a plurality of steps common to the 
20 electronic procurement processing (cf. Fig. 4) detailed in 

the first embodiment. Specifically, the steps of S66-S68, 
and S74-S76 in Fig. 12 are equivalent to those of S1-S3, 
andS4-S6 shown in Fig. 12. Although the post-processes after 
S76 are not illustrated, the same processes as the processes 
25 at and after S7 in Fig. 4 are executed. 

[0136] 
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S61-S65 and S69-S73 (processes in heavy-line blocks 
in Fig. 12), which are specific steps in the present 
embodiment, will be described below. 
[0137] 

5 At S61, in order for the value providing server 10 to 

check the reliability of portable terminal 20, the 
measurement result transmission requester 15 of value 
providing server 10 transmits a transmission request for 
transmission of integrity to the portable terminal 20 . This 
10 transmission request is transmitted via the cellular network 

Nl with higher confidentiality and security. 
[0138] 

At S62, according to the transmission request 
transmitted at S 61, the integrity measuring part 212 measures 
15 the integrity of portable terminal 20. 

At S63, the measurement result transmitter 213 
transmits the integrity measured at S62, via cellular network 
Nl to the value providing server 10. 
[0139] 

20 At S64, the measurement result receiver 16 receives 

the integrity measurement result transmitted from the 
portable terminal 20 at S63, and the measurement result 
verifier 17 verifies the measurement result. When the 
verification results in successfully verifying the integrity 

25 (S65; Yes) , the flow goes to S66 to transmit the value entity 

11a accompaniedby the public keyAl, via the cellular network 
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Nl and base station B to the portable terminal 20. 
[0140] 

When the verification at S64 results in failing to 
verify the integrity (S65; No) , the sequential electronic 
procurement processing ends. Factors to cause the failure 
in the verification of integrity include, for example, a 
case in which the portable terminal 20 is unreliable because 
of infection with a virus or the like. 
[0141] 

When the portable terminal 20 is connected to the store 
server 30 (S68) , in order for the store server 30 to check 
the reliability of portable terminal 20, S69 is carried out 
to let the measurement result transmission requester 35 of 
store server 30 transmit an integrity transmission request 
to the portable terminal 20. 
[0142] 

At S70, according to the transmission request 
transmitted at S69, the integrity measuring part 212 measures 
the integrity of portable terminal 20. 

At S71, the measurement result transmitter 213 
transmits the integrity measured at S70, via the adhoc network 
N2 to the store server 30. 
[0143] 

At S72, the measurement result receiver 36 receives 
the integrity measurement result transmitted from portable 
terminal 20 at S71 and the measurement result verifier 37 
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verifies the measurement result. When the verification 
results in successfully verifying the integrity (S73; Yes) , 
the flow proceeds to S74 to transmit the application 31a 
in the application storage 31 via the ad hoc network N2 to 
5 the portable terminal 20. On the other hand, when the 

verification of integrity is unsuccessful (S73; No), the 
sequential electronic procurement processing ends. 
[0144] 

In the electronic procurement supporting system 4 in 
10 the fifth embodiment, the value providing server 10 acquires 

the integrity measurement result of the portable terminal 
20 being the receiver of the value entity, prior to the 
transmission of the value entity, and evaluates the 
reliability of portable terminal 20 on the basis of the 
15 measurement result. Then it transmits the value entity to 

only the portable terminal judged as reliable . Accordingly, 
it is feasible to avoid harms on the electronic procurement 
supporting system and degradation of reliability due to 
acquisition of the value entity by the portable terminal 
20 possibly infected with a virus or falsified with malice. 

[0145] 

In the electronic procurement supporting system 4 in 
the fifth embodiment, the store server 30 acquires the 
integrity measurement result of the portable terminal 20 
25 being the receiver of the application, prior to the 

transmission of the application, and evaluates the 
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reliability of portable terminal 20 on the basis of the 
measurement result. Then it transmits the application to 
only the portable terminal judged as reliable . Through this 
operation, the integrity of portable terminal 20 is again 
verified immediately before the receptionof the application, 
as well as immediately before the reception of the value 
entity. Accordingly, for example, in the case where there 
was no problem in integrity at the time of reception of the 
value entity at portable terminal 20 but the integrity was 
degraded after the reception, it is feasible to circumvent 
harms on the electronic procurement supporting system and 
degradation of reliability because of inappropriate behavior 
of portable terminal 20. 
[0146] 

Lastly, the electronic procurement supporting program 
for letting the portable terminal 20 execute the sequential 
electronic procurement processing described above will be 
described. As shown in Fig. 13, the electronic procurement 
supporting program 41 is stored in program storage area 40a 
formed in recording medium 40. 
[0147] 

The electronic procurement supporting program 41 is 
comprised of main module 41a for totally controlling the 
electronic procurement processing; value entity receiving 
module 41b for letting the portable terminal 20 execute a 
process of receiving a value entity transmitted from the 
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outside; value entity storage module 41c for letting the 
portable terminal 20 execute aprocess of storing the received 
value entity into a storage means such as a memory; application 
receiving module 41d for letting the portable terminal 20 
execute a process of receiving an application transmitted 
from the outside; application verifying module 41e for 
letting the portable terminal 20 execute a process of 
verifying the received application; application starting 
module 41f for letting the portable terminal 20 execute a 
process of starting an application successfully verified; 
application deleting module 41g for letting the portable 
terminal 20 execute a process of deleting an application 
failing in verification; value entity transmitting module 
41h for letting the portable terminal 20 execute a process 
of transmitting the value entity to the sender of the 
application; and receipt receiving module 41i for letting 
the portable terminal 20 execute a process of receiving 
receipt data for a value entity, transmitted from the outside . 
[0148] 

The functions implemented by executing the respective 
modules of value entity receiving module 41b, application 
receiving module 41d, application verifying module 41e, 
application startingmodule 41f , application deletingmodule 
41g, value entity transmitting module 41h, and receipt 
25 receiving module 41i are similar to those of the value entity 

receiver 21, application receiver 23, application verifier 
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24, application starter 25, application deleter 26, value 
entity transmitter 21, and receipt receiver 28 of the portable 
terminal 20. Data stored through execution of the value 
entity storage module 41c is similar to the data stored in 
5 the value entity storage 22. 

[0149] 

The electronic procurement supporting program 41 may 
be configured so that part or all thereof is transmitted 
through a transmission medium such as a communication line 
10 or the like and is received and recorded (including an 

installed case) by another device. 
[0150] 

From the invention thus described, it will be obvious 
that the embodiments of the invention may be varied in many 
15 ways . Such variations are not to be regarded as a departure 

from the spirit and scope of the invention, and all such 
modifications as would be obvious to one skilled in the art 
are intended for inclusion within the scope of the following 
claims . 
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